Malicious PDF — malware analysis report

Static analysis result for SHA-256 a450cbb02e13e7b9…

MALICIOUS

PDF

File size: 43.9 KB
Created: 2019-04-29 16:04:09 +03:00
Authoring application: easyPDF Printer Driver 4.3 (via BCL easyPDF 4.30 (0303))
MD5: 439160589aebc465149d2d2b54d4e1cf
SHA-1: 7781e0b63d6896306021d2a9e4a987bad8b5aa0d
SHA-256: a450cbb02e13e7b9be984c32cd01dd7d607a437629f6c7884627184b7d230b19
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF was flagged by a machine learning classifier as malicious and contains a large number of embedded external links. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass external PDF link farm, with the first URL being http://www.gorillawalker.com/city-girl-a-yellow-rose-trilogy-3.pdf. This suggests the document is likely part of a scheme to manipulate search engine results or to distribute further malicious content via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9171

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.